#encoding=utf-8 
from scapy.all import *
import re
import datetime
 
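def _load_signatures(path='sql.txt'):
    '''
    Return the signature strings stored one per line in *path*.

    Line terminators are removed and empty lines are skipped: an empty
    signature is a substring of every request and would flag all HTTP
    traffic. Other whitespace is kept because it may be a deliberate part
    of a signature. The caller lower-cases the request text before the
    comparison, so an entry containing upper-case letters can never match.

    Raises whatever open() raises when the rule file is missing or
    unreadable; running without rules would silently disable detection.
    '''
    # Read-only access is sufficient; 'r+' would also require write
    # permission on the rule file.
    with open(path, 'r') as handle:
        return [sig for sig in (raw.rstrip('\r\n') for raw in handle) if sig]


def _host_header(lines):
    '''
    Return the value of the first Host header among *lines*.

    *lines* is the split request text: the request line first, then the
    headers, an empty element, then the body. Only the header section is
    searched so that body content cannot pose as the header. Returns
    'unknown' when the request carries no Host header.
    '''
    for line in lines[1:]:
        if not line:
            break  # blank element marks the end of the header section
        name, sep, value = line.partition(':')
        if sep and name.strip().lower() == 'host':
            return value.strip()
    return 'unknown'


def _report_attack(method, host, shown_payload, logged_payload):
    '''
    Append one alert to danger.log and echo it on the console.

    The Host header is supplied by the client: it names the server the
    request was addressed to, not the sender.
    NOTE(review): the sender's address is not recorded anywhere; consider
    logging the packet's source address as well.
    '''
    # The two record layouts differ only in spacing; both are kept exactly
    # as before so that existing log consumers keep working.
    templates = {
        'POST': "[!]您正在被攻击！\n [*]攻击时间是\t%s\n[*]被SQL注入攻击的IP为\t%s\n[*]攻击的payload是\t%s\n[*]提交的方式为\t POST\n\n",
        'GET': "[!]您正在被攻击！\n[*]攻击时间是\t%s\n [*]被SQL注入攻击的IP为\t%s\n[*]攻击的payload是\t%s\n[*]提交的方式为\t GET\n\n",
    }
    stamp = datetime.datetime.now()
    record = templates[method] % (str(stamp), 'Host: ' + host, logged_payload)

    # Write the durable record first so that a console problem cannot cost
    # the log entry. A failure is reported instead of being swallowed, but
    # it must not stop the capture.
    try:
        with open('danger.log', 'a+') as log:
            log.write(record)
    except (IOError, OSError, UnicodeError) as err:
        print('[!]danger.log write failed: ' + type(err).__name__)

    console = [
        "[!]您正在被攻击！",
        '[*]攻击时间是\t' + str(stamp),
        '[*]被SQL注入攻击的IP为\t' + host,
        '[*]攻击的payload是\t' + shown_payload,
        '[*]提交的方式为\t' + method,
    ]
    try:
        print('\n'.join(console))
    except UnicodeError as err:
        print('[!]console alert failed: ' + type(err).__name__)


def test(page):
    '''
    Inspect one sniffed packet for SQL-injection signatures in HTTP text.

    The fields of the packet's third nested payload are rendered through
    i2repr(); a rendering that contains 'HTTP' and a 'GET ' or 'POST '
    token in its first line is treated as a request. For GET the request
    line is compared with every signature from sql.txt, for POST the last
    element of the split text (the body). Each matching signature produces
    one alert on the console and in danger.log.

    Limitations a reader should know about:
    - the text is compared as rendered, so URL-encoded input only matches
      signatures that are stored in the same encoded form;
    - the request line of a POST is not inspected, only its body;
    - the method token is found anywhere in the first line, not only at
      its start.

    page: packet object passed in by the sniffer callback
          (presumably Ether/IP/TCP/Raw -- confirm against the capture).
    '''
    carrier = page.payload.payload
    for field in carrier.payload.fields_desc:
        # The field names come from the inner payload while the value is
        # read through the enclosing layer, exactly as before.
        value = carrier.getfieldval(field.name)
        text = field.i2repr(carrier, value)
        if 'HTTP' not in text:
            continue

        # The rendered text shows line breaks as the four literal
        # characters backslash-r-backslash-n, hence the raw-string separator.
        lines = str(text).split(r'\r\n')
        verb = re.search('(GET )|(POST )', lines[0])
        if verb is None:
            continue

        if verb.group(1):
            method = 'GET'
            inspected = lines[0]
            # strip() removes a character set, not a prefix; kept so the
            # console output stays as it was.
            shown = inspected.strip('\'GET ')
        else:
            method = 'POST'
            inspected = lines[-1]
            shown = inspected.strip('\'')

        haystack = str(inspected).lower()
        host = _host_header(lines)
        for signature in _load_signatures():
            if signature in haystack:
                _report_attack(method, host, shown, inspected)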
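def main():
    '''
    Capture TCP traffic without a packet limit and pass every packet to test().

    store=False tells sniff() to discard each packet after the callback has
    run. With count=0 the capture never ends, so keeping every packet in
    the result list would make memory use grow for as long as the tool runs.
    '''
    sniff(filter='tcp', prn=test, store=False, count=0)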
# Start the capture only when the file is executed as a script, so that
# importing it (for example to reuse test()) does not begin sniffing.
if '__main__' == __name__:
    main()
    